@sfdxy/mule-lint 1.19.0 → 1.21.0

package/README.md

@@ -1,4 +1,13 @@
-# Mule-Lint
+<p align="center">
+  <img src="assets/logo.svg" alt="Mule-Lint" width="600" />
+</p>
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/@sfdxy/mule-lint"><img src="https://img.shields.io/npm/v/@sfdxy/mule-lint?style=flat-square&color=34d399" alt="npm version" /></a>
+  <a href="https://github.com/Avinava/mule-lint/actions"><img src="https://img.shields.io/github/actions/workflow/status/Avinava/mule-lint/ci.yml?style=flat-square&color=38bdf8" alt="CI" /></a>
+  <a href="https://github.com/Avinava/mule-lint/blob/master/LICENSE"><img src="https://img.shields.io/npm/l/@sfdxy/mule-lint?style=flat-square&color=818cf8" alt="License" /></a>
+  <a href="https://www.npmjs.com/package/@sfdxy/mule-lint"><img src="https://img.shields.io/npm/dm/@sfdxy/mule-lint?style=flat-square&color=fbbf24" alt="Downloads" /></a>
+</p>
 
 <p align="center">
   <strong>Enterprise-grade static analysis tool for MuleSoft applications</strong>
@@ -19,12 +28,14 @@
 
 **Mule-Lint** is a TypeScript-based linting tool designed to enforce best practices and standards for MuleSoft applications. It provides:
 
-- ✅ **56 Built-in Rules** covering error handling, security, naming, logging, performance, and more
-- ✅ **Multiple Output Formats** - Table, JSON, SARIF, HTML, CSV <!-- id: 4 -->
-- ✅ **CI/CD Ready** - Exit codes and machine-readable output
-- ✅ **156+ Unit Tests** - Comprehensive test coverage for reliability
-- ✅ **TypeScript** - Fully typed for VS Code extension integration
-- ✅ **Extensible** - Add custom rules for your organization
+- **82 Built-in Rules** covering error handling, security, naming, logging, performance, API-led, connectors, and more
+- **Multiple Output Formats** - Table, JSON, SARIF, HTML, CSV <!-- id: 4 -->
+- **CI/CD Ready** - Exit codes and machine-readable output
+- **442 Unit Tests** - Comprehensive test coverage for reliability
+- **TypeScript** - Fully typed for VS Code extension integration
+- **Extensible** - Add custom rules for your organization
+- **Document Cache** - Parsed XML documents cached to eliminate redundant parsing
+- **Project Layer Detection** - Automatic SAPI/PAPI/EAPI/library/batch classification
 
 ### Architecture
 
@@ -35,15 +46,18 @@ flowchart TB
     end
 
     subgraph Engine["LintEngine"]
-        B[FileScanner] --> C[XmlParser]
+        B[FileScanner] --> C[XmlParser + Document Cache]
         C --> D[Rule Executor]
+        B --> PreScan[Pre-Scan: allFlowRefs, allFlowNames, projectLayer]
+        PreScan --> D
     end
 
     subgraph Rules["Rules - Strategy Pattern"]
-        D --> E[MULE-001]
-        D --> F[MULE-002]
-        D --> G[...]
-        D --> H[MULE-010]
+        D --> E[Per-File Rules]
+        D --> F[Project Rules]
+        E --> G[MULE-001..804]
+        E --> H[SEC, ERR, API, DW, ...]
+        F --> I2[YAML, HYG, CFG, ...]
     end
 
     subgraph Output["Formatters"]
@@ -72,11 +86,12 @@ flowchart TB
 
 ```mermaid
 flowchart LR
-    A["XML Files"] --> B["Parse DOM"]
-    B --> C["Execute Rules"]
-    C --> D["Collect Issues"]
-    D --> E["Format Output"]
-    E --> F["Table / JSON / SARIF / HTML / CSV"]
+    A["XML Files"] --> B["Pre-Scan (flow-refs, flow-names, project layer)"]
+    B --> C["Parse DOM (cached)"]
+    C --> D["Execute Rules"]
+    D --> E["Collect Issues"]
+    E --> F["Format Output"]
+    F --> G["Table / JSON / SARIF / HTML / CSV"]
 ```
 
 ---
@@ -273,55 +288,55 @@ npx @sfdxy/mule-lint src/main/mule -f sarif -o results.sarif
 
 ### Core Rules (MVP)
 
-| ID       | Name                  | Severity | Category       | Description                                       |
-| -------- | --------------------- | -------- | -------------- | ------------------------------------------------- |
-| MULE-001 | Global Error Handler  | Error    | Error Handling | Project should have global error handler          |
-| MULE-002 | Flow Naming           | Warning  | Naming         | Flows end with `-flow`, sub-flows with `-subflow` |
-| MULE-003 | Missing Error Handler | Error    | Error Handling | Flows should have error handlers                  |
-| MULE-004 | Hardcoded URLs        | Error    | Security       | Use property placeholders for URLs                |
-| MULE-005 | HTTP Status Check     | Warning  | Error Handling | Error handlers should set httpStatus              |
-| MULE-006 | Logger Category       | Warning  | Logging        | Loggers should have category attribute            |
-| MULE-007 | Correlation ID        | Warning  | Error Handling | Error handlers should reference correlationId     |
-| MULE-008 | Choice Anti-Pattern   | Warning  | Standards      | Avoid raise-error in otherwise                    |
-| MULE-009 | Generic Error Type    | Warning  | Error Handling | Avoid catching type="ANY"                         |
-| MULE-010 | DWL Standards         | Info     | Standards      | Standard DataWeave files should exist             |
+| ID       | Name                  | Severity | Category       | Description                                                          |
+| -------- | --------------------- | -------- | -------------- | -------------------------------------------------------------------- |
+| MULE-001 | Global Error Handler  | Warning  | Error Handling | Any flow file should have a global error handler                     |
+| MULE-002 | Flow Naming           | Warning  | Naming         | Flows end with `-flow`, sub-flows with `-subflow`                    |
+| MULE-003 | Missing Error Handler | Error    | Error Handling | Flows should have error handlers                                     |
+| MULE-004 | Hardcoded URLs        | Error    | Security       | Use property placeholders for URLs                                   |
+| MULE-005 | HTTP Status Check     | Warning  | Error Handling | Error handlers should set httpStatus (skipped for non-HTTP projects) |
+| MULE-006 | Logger Category       | Warning  | Logging        | Loggers should have category attribute                               |
+| MULE-007 | Correlation ID        | Warning  | Error Handling | Error handlers should reference correlationId (checks DWL files too) |
+| MULE-008 | Choice Anti-Pattern   | Warning  | Standards      | Avoid raise-error in otherwise                                       |
+| MULE-009 | Generic Error Type    | Warning  | Error Handling | Avoid catching type="ANY"                                            |
+| MULE-010 | DWL Standards         | Info     | Standards      | Standard DataWeave files should exist                                |
 
 ### Extended Rules
 
-| ID       | Name                  | Severity | Category      | Description                       |
-| -------- | --------------------- | -------- | ------------- | --------------------------------- |
-| MULE-101 | Flow Casing           | Warning  | Naming        | kebab-case for flows              |
-| MULE-102 | Variable Naming       | Warning  | Naming        | camelCase for variables           |
-| MULE-201 | Hardcoded Credentials | Error    | Security      | Use `${secure::}`                 |
-| MULE-202 | Insecure TLS          | Error    | Security      | No insecure="true"                |
-| MULE-301 | Logger Payload        | Warning  | Logging       | Don't log entire payload          |
-| MULE-303 | Logger in Retry       | Warning  | Logging       | Avoid loggers in until-successful |
-| MULE-401 | HTTP User-Agent       | Warning  | HTTP          | Include User-Agent                |
-| MULE-402 | HTTP Content-Type     | Warning  | HTTP          | POST/PUT needs Content-Type       |
-| MULE-403 | HTTP Timeout          | Warning  | HTTP          | Set responseTimeout               |
-| MULE-501 | Scatter-Gather        | Info     | Performance   | Limit parallel routes             |
-| MULE-502 | Async Error           | Warning  | Performance   | Async needs error handling        |
-| MULE-503 | Large Choice          | Warning  | Performance   | Max 7 when clauses                |
-| MULE-601 | Flow Description      | Info     | Documentation | Add doc:description               |
-| MULE-604 | Missing doc:name      | Warning  | Documentation | Key components need doc:name      |
-| MULE-701 | Deprecated            | Warning  | Standards     | Detect deprecated elements        |
-| MULE-801 | Flow Complexity       | Warning  | Complexity    | Cyclomatic complexity threshold   |
-| MULE-802 | Project Structure     | Warning  | Structure     | Validate folder structure         |
-| MULE-803 | Global Config         | Warning  | Structure     | global.xml should exist           |
-| MULE-804 | Monolithic XML        | Warning  | Structure     | Split large XML files             |
+| ID       | Name                  | Severity | Category      | Description                                               |
+| -------- | --------------------- | -------- | ------------- | --------------------------------------------------------- |
+| MULE-101 | Flow Casing           | Warning  | Naming        | kebab-case for flows                                      |
+| MULE-102 | Variable Naming       | Warning  | Naming        | camelCase for variables                                   |
+| MULE-201 | Hardcoded Credentials | Error    | Security      | Use `${secure::}`                                         |
+| MULE-202 | Insecure TLS          | Error    | Security      | No insecure="true"                                        |
+| MULE-301 | Logger Payload        | Warning  | Logging       | Don't log entire payload                                  |
+| MULE-303 | Logger in Retry       | Warning  | Logging       | Avoid loggers in until-successful                         |
+| MULE-401 | HTTP User-Agent       | Warning  | HTTP          | Include User-Agent                                        |
+| MULE-402 | HTTP Content-Type     | Warning  | HTTP          | POST/PUT needs Content-Type (static, CDATA, or inline DW) |
+| MULE-403 | HTTP Timeout          | Warning  | HTTP          | Set responseTimeout                                       |
+| MULE-501 | Scatter-Gather        | Info     | Performance   | Limit parallel routes                                     |
+| MULE-502 | Async Error           | Warning  | Performance   | Async needs error handling                                |
+| MULE-503 | Large Choice          | Warning  | Performance   | Max 7 when clauses                                        |
+| MULE-601 | Flow Description      | Info     | Documentation | Add doc:description                                       |
+| MULE-604 | Missing doc:name      | Warning  | Documentation | Key components need doc:name                              |
+| MULE-701 | Deprecated            | Warning  | Standards     | Detect deprecated elements                                |
+| MULE-801 | Flow Complexity       | Warning  | Complexity    | Cyclomatic complexity threshold                           |
+| MULE-802 | Project Structure     | Warning  | Structure     | Validate folder structure                                 |
+| MULE-803 | Global Config         | Warning  | Structure     | global.xml should exist                                   |
+| MULE-804 | Monolithic XML        | Warning  | Structure     | Split large XML files                                     |
 
 ### DataWeave & API-Led Rules
 
-| ID      | Name              | Severity | Category  | Description                       |
-| ------- | ----------------- | -------- | --------- | --------------------------------- |
-| DW-001  | External DWL      | Warning  | DataWeave | Externalize complex transforms    |
-| DW-002  | DWL Naming        | Info     | DataWeave | kebab-case for .dwl files         |
-| DW-003  | DWL Modules       | Info     | DataWeave | Use common modules                |
-| DW-004  | Java 17 DW Errors | Error    | DataWeave | Java 17 compatible error handling |
-| API-001 | Experience Layer  | Info     | API-Led   | Experience API patterns           |
-| API-002 | Process Layer     | Info     | API-Led   | Process layer orchestration       |
-| API-003 | System Layer      | Info     | API-Led   | System layer connections          |
-| API-004 | Single SAPI       | Warning  | API-Led   | Single system per SAPI            |
+| ID      | Name              | Severity | Category  | Description                                          |
+| ------- | ----------------- | -------- | --------- | ---------------------------------------------------- |
+| DW-001  | External DWL      | Warning  | DataWeave | Externalize complex transforms                       |
+| DW-002  | DWL Naming        | Info     | DataWeave | kebab-case for .dwl files (configurable exemptPaths) |
+| DW-003  | DWL Modules       | Info     | DataWeave | Use common modules                                   |
+| DW-004  | Java 17 DW Errors | Error    | DataWeave | Java 17 compatible error handling                    |
+| API-001 | Experience Layer  | Info     | API-Led   | Experience API patterns                              |
+| API-002 | Process Layer     | Info     | API-Led   | Process layer orchestration                          |
+| API-003 | System Layer      | Info     | API-Led   | System layer connections                             |
+| API-004 | Single SAPI       | Warning  | API-Led   | Single system per SAPI                               |
 
 ### Experimental Rules
 
@@ -346,20 +361,60 @@ npx @sfdxy/mule-lint src/main/mule -f sarif -o results.sarif
 | ERR-001  | Try Scope              | Info     | Error Handling | Complex operations should use Try scope   |
 | PERF-002 | Connection Pooling     | Warning  | Performance    | DB/HTTP should configure connection pools |
 
+### Security & Integrity Rules (v1.21)
+
+| ID      | Name                         | Severity | Category  | Description                                             |
+| ------- | ---------------------------- | -------- | --------- | ------------------------------------------------------- |
+| SEC-007 | Connector Credentials        | Error    | Security  | Connector configs must use secure property placeholders |
+| SEC-008 | Secure Properties Key        | Error    | Security  | Secure properties file must use externalized key        |
+| SEC-009 | TLS Keystore Password        | Error    | Security  | TLS keystore passwords must use secure properties       |
+| SEC-010 | Secure Properties Encryption | Warning  | Security  | Secure properties must use strong encryption algorithm  |
+| HYG-004 | Flow-Ref Target Exists       | Error    | Standards | Flow-ref must point to an existing flow/sub-flow        |
+
+### Error Handling & Resilience Rules (v1.21)
+
+| ID      | Name                       | Severity | Category       | Description                                                 |
+| ------- | -------------------------- | -------- | -------------- | ----------------------------------------------------------- |
+| ERR-002 | Error Type Coverage        | Warning  | Error Handling | APIKit flows should handle common HTTP error types          |
+| ERR-003 | Error Response Structure   | Warning  | Error Handling | Error handlers should set both httpStatus and response body |
+| ERR-004 | Catch-All Must Be Last     | Error    | Error Handling | type="ANY" on-error must be the last handler block          |
+| RES-002 | Listener Reconnect Forever | Warning  | Performance    | Listener connectors should use reconnect-forever strategy   |
+| CFG-001 | Config Properties Ordering | Info     | Standards      | Config properties should follow a consistent ordering       |
+
+### API-Led & Connector Rules (v1.21)
+
+| ID       | Name                    | Severity | Category  | Description                                             |
+| -------- | ----------------------- | -------- | --------- | ------------------------------------------------------- |
+| API-006  | APIKit Main Flow        | Warning  | API-Led   | APIKit main flow should follow standard structure       |
+| API-007  | APIKit Status Code Var  | Warning  | API-Led   | APIKit routes should set httpStatus variable            |
+| API-008  | APIKit Console Prod     | Warning  | API-Led   | APIKit console should be disabled in production         |
+| SF-001   | Replay Channel Config   | Warning  | Connector | Salesforce replay channel should have proper config     |
+| HTTP-004 | Connection Idle Timeout | Warning  | HTTP      | HTTP request configs should set connection idle timeout |
+
+### Code Hygiene Rules (v1.21)
+
+| ID      | Name                         | Severity | Category  | Description                                                |
+| ------- | ---------------------------- | -------- | --------- | ---------------------------------------------------------- |
+| DW-005  | Duplicate Transform Logic    | Warning  | DataWeave | Detect duplicated DataWeave transform expressions          |
+| HYG-005 | Unused Variable              | Warning  | Standards | Detect set-variable values never referenced in the project |
+| CFG-002 | Missing Env Properties       | Warning  | Standards | Properties referenced in XML should exist in YAML configs  |
+| STD-001 | APIKit Route Var Consistency | Info     | Standards | APIKit route variable names should be consistent           |
+| SF-002  | Event Listener Null Guard    | Warning  | Connector | Event listeners should guard against null payloads         |
+
 ### Operations & Resilience Rules
 
-| ID      | Name                   | Severity | Category      | Description                                     |
-| ------- | ---------------------- | -------- | ------------- | ----------------------------------------------- |
-| RES-001 | Reconnection Strategy  | Warning  | Performance   | Connectors should have reconnection strategies  |
-| OPS-001 | Auto-Discovery         | Info     | Standards     | APIs should have auto-discovery for API Manager |
-| OPS-002 | HTTP Port Placeholder  | Warning  | Standards     | HTTP ports should use property placeholders     |
-| OPS-003 | Externalized Cron      | Warning  | Standards     | Cron expressions should use placeholders        |
-| SEC-006 | Encryption Key in Logs | Error    | Security      | Detect sensitive data in log messages           |
-| HYG-001 | Excessive Loggers      | Warning  | Logging       | Flows should not have too many loggers          |
-| HYG-002 | Commented Code         | Info     | Standards     | Detect commented-out code blocks                |
-| HYG-003 | Unused Flow            | Warning  | Standards     | Detect flows/sub-flows never referenced         |
-| API-005 | APIKit Validation      | Info     | Standards     | APIs should use APIKit for interfaces           |
-| DOC-001 | Display Name           | Info     | Documentation | Key components should have meaningful names     |
+| ID      | Name                   | Severity | Category      | Description                                          |
+| ------- | ---------------------- | -------- | ------------- | ---------------------------------------------------- |
+| RES-001 | Reconnection Strategy  | Warning  | Performance   | Connectors should have reconnection strategies       |
+| OPS-001 | Auto-Discovery         | Info     | Standards     | APIs should have auto-discovery for API Manager      |
+| OPS-002 | HTTP Port Placeholder  | Warning  | Standards     | HTTP ports should use property placeholders          |
+| OPS-003 | Externalized Cron      | Warning  | Standards     | Cron expressions should use placeholders             |
+| SEC-006 | Encryption Key in Logs | Error    | Security      | Detect sensitive data in log messages                |
+| HYG-001 | Excessive Loggers      | Warning  | Logging       | Flows should not have too many loggers               |
+| HYG-002 | Commented Code         | Info     | Standards     | Detect commented-out code blocks                     |
+| HYG-003 | Unused Flow            | Warning  | Standards     | Detect flows/sub-flows never referenced (cross-file) |
+| API-005 | APIKit Validation      | Info     | Standards     | APIs should use APIKit for interfaces                |
+| DOC-001 | Display Name           | Info     | Documentation | Key components should have meaningful names          |
 
 ### Project Governance Rules
 
@@ -368,7 +423,7 @@ npx @sfdxy/mule-lint src/main/mule -f sarif -o results.sarif
 | PROJ-001 | POM Validation | Error    | Structure | Validates pom.xml existence and plugins    |
 | PROJ-002 | Git Hygiene    | Warning  | Structure | Validates .gitignore existence and entries |
 
-**Total: 56 rules** across 14 categories.
+**Total: 82 rules** across 16 categories.
 
 See [Rules Catalog](docs/best-practices/rules-catalog.md) for detailed documentation.
 

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@sfdxy/mule-lint",
-    "version": "1.19.0",
+    "version": "1.21.0",
     "description": "Static analysis tool for MuleSoft applications - supports humans, AI agents, and CI/CD pipelines",
     "author": "Avinava",
     "license": "MIT",

package/dist/src/core/XPathHelper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"XPathHelper.d.ts","sourceRoot":"","sources":["../../../src/core/XPathHelper.ts"],"names":[],"mappings":"AAKA;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CA6DlD,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,UAAW,SAAQ,IAAI;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAA0B;IACjD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAE3C,OAAO;IAIP;;OAEG;WACW,WAAW,IAAI,WAAW;IAOxC;;OAEG;WACW,KAAK,IAAI,IAAI;IAI3B;;;;;OAKG;IACI,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,IAAI,EAAE;IAaxE;;;;;OAKG;IACI,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI;IAK5E;;;;;OAKG;IACI,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI;IAShF;;;;;OAKG;IACI,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,OAAO;IAIpE;;;;;OAKG;IACI,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM;CAGnE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAQxE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAE9D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAGlE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAEjD"}
+{"version":3,"file":"XPathHelper.d.ts","sourceRoot":"","sources":["../../../src/core/XPathHelper.ts"],"names":[],"mappings":"AAKA;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAyElD,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,UAAW,SAAQ,IAAI;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAA0B;IACjD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAE3C,OAAO;IAIP;;OAEG;WACW,WAAW,IAAI,WAAW;IAOxC;;OAEG;WACW,KAAK,IAAI,IAAI;IAI3B;;;;;OAKG;IACI,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,IAAI,EAAE;IAaxE;;;;;OAKG;IACI,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI;IAK5E;;;;;OAKG;IACI,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI;IAShF;;;;;OAKG;IACI,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,OAAO;IAIpE;;;;;OAKG;IACI,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM;CAGnE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAQxE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAE9D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAGlE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAEjD"}

package/dist/src/core/XPathHelper.js

@@ -91,6 +91,14 @@ exports.MULE_NAMESPACES = {
     sockets: 'http://www.mulesoft.org/schema/mule/sockets',
     // Web Service Consumer
     wsc: 'http://www.mulesoft.org/schema/mule/wsc',
+    // NetSuite
+    netsuite: 'http://www.mulesoft.org/schema/mule/netsuite',
+    // SAP
+    sap: 'http://www.mulesoft.org/schema/mule/sap',
+    // Anypoint MQ
+    'anypoint-mq': 'http://www.mulesoft.org/schema/mule/anypoint-mq',
+    // OAuth
+    oauth: 'http://www.mulesoft.org/schema/mule/oauth',
 };
 /**
  * Helper class for namespace-aware XPath queries on Mule XML documents

package/dist/src/core/XPathHelper.js.map

@@ -1 +1 @@
-{"version":3,"file":"XPathHelper.js","sourceRoot":"","sources":["../../../src/core/XPathHelper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkLA,oCAQC;AAKD,sCAEC;AAKD,0CAEC;AAKD,oCAGC;AAKD,oCAEC;AAKD,wCAEC;AA9ND,6CAA+B;AAE/B,yDAAyD;AACzD,oDAAoD;AAEpD;;;GAGG;AACU,QAAA,eAAe,GAA2B;IACrD,YAAY;IACZ,IAAI,EAAE,0CAA0C;IAEhD,iBAAiB;IACjB,IAAI,EAAE,0CAA0C;IAChD,KAAK,EAAE,2CAA2C;IAElD,iBAAiB;IACjB,EAAE,EAAE,6CAA6C;IAEjD,gBAAgB;IAChB,GAAG,EAAE,mDAAmD;IAExD,iBAAiB;IACjB,GAAG,EAAE,yCAAyC;IAC9C,mBAAmB,EAAE,uDAAuD;IAE5E,WAAW;IACX,EAAE,EAAE,wCAAwC;IAE5C,kBAAkB;IAClB,IAAI,EAAE,0CAA0C;IAChD,IAAI,EAAE,0CAA0C;IAChD,GAAG,EAAE,yCAAyC;IAE9C,YAAY;IACZ,EAAE,EAAE,wCAAwC;IAC5C,GAAG,EAAE,yCAAyC;IAC9C,IAAI,EAAE,0CAA0C;IAEhD,MAAM;IACN,MAAM,EAAE,iDAAiD;IACzD,aAAa,EAAE,iDAAiD;IAEhE,eAAe;IACf,EAAE,EAAE,wCAAwC;IAE5C,QAAQ;IACR,KAAK,EAAE,2CAA2C;IAElD,aAAa;IACb,UAAU,EAAE,gDAAgD;IAE5D,QAAQ;IACR,KAAK,EAAE,2CAA2C;IAElD,aAAa;IACb,UAAU,EAAE,gDAAgD;IAE5D,YAAY;IACZ,SAAS,EAAE,+CAA+C;IAE1D,OAAO;IACP,IAAI,EAAE,0CAA0C;IAEhD,UAAU;IACV,OAAO,EAAE,6CAA6C;IAEtD,uBAAuB;IACvB,GAAG,EAAE,yCAAyC;CAC/C,CAAC;AAWF;;GAEG;AACH,MAAa,WAAW;IACd,MAAM,CAAC,QAAQ,CAA0B;IAChC,MAAM,CAAoB;IAE3C;QACE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,aAAa,CAAC,uBAAe,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK;QACjB,WAAW,CAAC,QAAQ,GAAG,SAAS,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACI,WAAW,CAAC,UAAkB,EAAE,OAAwB;QAC7D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAChD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,UAAU,IAAI,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,UAAU,CAAC,UAAkB,EAAE,OAAwB;QAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAED;;;;;OAKG;IACI,YAAY,CAAC,UAAkB,EAAE,OAAwB;QAC9D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,UAAU,GAAG,EAAE,OAAO,CAAC,CAAC;YAC7D,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,UAAkB,EAAE,OAAwB;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,UAAkB,EAAE,OAAwB;QACvD,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IACtD,CAAC;CACF;AAzFD,kCAyFC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAU,EAAE,QAAgB;IACvD,MAAM,OAAO,GAAG,IAAe,CAAC;IAChC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAE7C,OAAO,KAAK,IAAI,IAAI,CAAC;IACvB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,IAAU;IACtC,OAAQ,IAAmB,CAAC,UAAU,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,IAAU;IACxC,OAAQ,IAAmB,CAAC,YAAY,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAU,EAAE,QAAgB;IACvD,MAAM,OAAO,GAAG,IAAe,CAAC;IAChC,OAAO,OAAO,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAU;IACrC,OAAQ,IAAmB,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,IAAU;IACvC,OAAO,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;AAChC,CAAC"}
+{"version":3,"file":"XPathHelper.js","sourceRoot":"","sources":["../../../src/core/XPathHelper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8LA,oCAQC;AAKD,sCAEC;AAKD,0CAEC;AAKD,oCAGC;AAKD,oCAEC;AAKD,wCAEC;AA1OD,6CAA+B;AAE/B,yDAAyD;AACzD,oDAAoD;AAEpD;;;GAGG;AACU,QAAA,eAAe,GAA2B;IACrD,YAAY;IACZ,IAAI,EAAE,0CAA0C;IAEhD,iBAAiB;IACjB,IAAI,EAAE,0CAA0C;IAChD,KAAK,EAAE,2CAA2C;IAElD,iBAAiB;IACjB,EAAE,EAAE,6CAA6C;IAEjD,gBAAgB;IAChB,GAAG,EAAE,mDAAmD;IAExD,iBAAiB;IACjB,GAAG,EAAE,yCAAyC;IAC9C,mBAAmB,EAAE,uDAAuD;IAE5E,WAAW;IACX,EAAE,EAAE,wCAAwC;IAE5C,kBAAkB;IAClB,IAAI,EAAE,0CAA0C;IAChD,IAAI,EAAE,0CAA0C;IAChD,GAAG,EAAE,yCAAyC;IAE9C,YAAY;IACZ,EAAE,EAAE,wCAAwC;IAC5C,GAAG,EAAE,yCAAyC;IAC9C,IAAI,EAAE,0CAA0C;IAEhD,MAAM;IACN,MAAM,EAAE,iDAAiD;IACzD,aAAa,EAAE,iDAAiD;IAEhE,eAAe;IACf,EAAE,EAAE,wCAAwC;IAE5C,QAAQ;IACR,KAAK,EAAE,2CAA2C;IAElD,aAAa;IACb,UAAU,EAAE,gDAAgD;IAE5D,QAAQ;IACR,KAAK,EAAE,2CAA2C;IAElD,aAAa;IACb,UAAU,EAAE,gDAAgD;IAE5D,YAAY;IACZ,SAAS,EAAE,+CAA+C;IAE1D,OAAO;IACP,IAAI,EAAE,0CAA0C;IAEhD,UAAU;IACV,OAAO,EAAE,6CAA6C;IAEtD,uBAAuB;IACvB,GAAG,EAAE,yCAAyC;IAE9C,WAAW;IACX,QAAQ,EAAE,8CAA8C;IAExD,MAAM;IACN,GAAG,EAAE,yCAAyC;IAE9C,cAAc;IACd,aAAa,EAAE,iDAAiD;IAEhE,QAAQ;IACR,KAAK,EAAE,2CAA2C;CACnD,CAAC;AAWF;;GAEG;AACH,MAAa,WAAW;IACd,MAAM,CAAC,QAAQ,CAA0B;IAChC,MAAM,CAAoB;IAE3C;QACE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,aAAa,CAAC,uBAAe,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK;QACjB,WAAW,CAAC,QAAQ,GAAG,SAAS,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACI,WAAW,CAAC,UAAkB,EAAE,OAAwB;QAC7D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAChD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,UAAU,IAAI,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,UAAU,CAAC,UAAkB,EAAE,OAAwB;QAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAED;;;;;OAKG;IACI,YAAY,CAAC,UAAkB,EAAE,OAAwB;QAC9D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,UAAU,GAAG,EAAE,OAAO,CAAC,CAAC;YAC7D,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,UAAkB,EAAE,OAAwB;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,UAAkB,EAAE,OAAwB;QACvD,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IACtD,CAAC;CACF;AAzFD,kCAyFC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAU,EAAE,QAAgB;IACvD,MAAM,OAAO,GAAG,IAAe,CAAC;IAChC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAE7C,OAAO,KAAK,IAAI,IAAI,CAAC;IACvB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,IAAU;IACtC,OAAQ,IAAmB,CAAC,UAAU,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,IAAU;IACxC,OAAQ,IAAmB,CAAC,YAAY,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAU,EAAE,QAAgB;IACvD,MAAM,OAAO,GAAG,IAAe,CAAC;IAChC,OAAO,OAAO,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAU;IACrC,OAAQ,IAAmB,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,IAAU;IACvC,OAAO,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;AAChC,CAAC"}

package/dist/src/engine/LintEngine.d.ts

@@ -19,6 +19,12 @@ export declare class LintEngine {
     private rules;
     private config;
     private verbose;
+    /**
+     * Cache of parsed XML documents keyed by absolute file path.
+     * Populated during preScanFiles() and reused in processFile()
+     * to avoid parsing every XML file twice.
+     */
+    private documentCache;
     constructor(options: EngineOptions);
     /**
      * Scan a directory or file and return lint report
@@ -64,5 +70,31 @@ export declare class LintEngine {
      * Collect metrics from a parsed XML document
      */
     private collectFileMetrics;
+    /**
+     * Pre-scan all XML files to build cross-file context:
+     *   - allFlowRefs: union of all <flow-ref name="..."> targets across files
+     *   - allFlowNames: union of all <flow>/<sub-flow> name attributes across files
+     *   - projectContext: whether the project has HTTP listeners / APIkit routers
+     *
+     * Parsed documents are cached in this.documentCache so that processFile()
+     * can reuse them instead of re-parsing.
+     *
+     * This runs before the main per-file rule execution so that rules can use
+     * the aggregated information (e.g. HYG-003 cross-file unused flow detection,
+     * HYG-004 cross-file flow-ref target validation,
+     * MULE-005 HTTP-only project detection).
+     */
+    private preScanFiles;
+    /**
+     * Detect the API-led connectivity layer of the project.
+     *
+     * Heuristics (in priority order):
+     * 1. Directory/project name contains `-sapi`, `-papi`, `-eapi`
+     * 2. Flow names contain `sapi`, `papi`, `eapi` patterns
+     * 3. No HTTP listener + batch jobs → batch
+     * 4. No flows at all → library
+     * 5. Otherwise → unknown
+     */
+    private detectProjectLayer;
 }
 //# sourceMappingURL=LintEngine.d.ts.map

package/dist/src/engine/LintEngine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"LintEngine.d.ts","sourceRoot":"","sources":["../../../src/engine/LintEngine.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,KAAK,EAA2C,MAAM,UAAU,CAAC;AAChF,OAAO,EAAE,UAAU,EAAkB,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAA2C,MAAM,iBAAiB,CAAC;AAQtF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,8CAA8C;IAC9C,MAAM,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,sBAAsB;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,OAAO,CAAU;gBAEb,OAAO,EAAE,aAAa;IAMlC;;OAEG;IACU,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAoH1D;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;IACI,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK,EAAE;IAmB9D;;OAEG;IACI,eAAe,IAAI,IAAI,EAAE;IAOhC;;OAEG;IACH,OAAO,CAAC,WAAW;IAoDnB;;OAEG;IACH,OAAO,CAAC,QAAQ;IA4ChB;;OAEG;IACH,OAAO,CAAC,aAAa;IAerB;;OAEG;IACH,OAAO,CAAC,YAAY;IAgCpB;;OAEG;IACH,OAAO,CAAC,eAAe;IA+BvB;;OAEG;IACH,OAAO,CAAC,GAAG;IAOX;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAG3B"}
+{"version":3,"file":"LintEngine.d.ts","sourceRoot":"","sources":["../../../src/engine/LintEngine.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,IAAI,EACJ,KAAK,EAMN,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,UAAU,EAAkB,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAA2C,MAAM,iBAAiB,CAAC;AAQtF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,8CAA8C;IAC9C,MAAM,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,sBAAsB;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,OAAO,CAAU;IAEzB;;;;OAIG;IACH,OAAO,CAAC,aAAa,CAAoC;gBAE7C,OAAO,EAAE,aAAa;IAMlC;;OAEG;IACU,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAoI1D;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;IACI,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK,EAAE;IAmB9D;;OAEG;IACI,eAAe,IAAI,IAAI,EAAE;IAOhC;;OAEG;IACH,OAAO,CAAC,WAAW;IAqEnB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAuDhB;;OAEG;IACH,OAAO,CAAC,aAAa;IAerB;;OAEG;IACH,OAAO,CAAC,YAAY;IAgCpB;;OAEG;IACH,OAAO,CAAC,eAAe;IA+BvB;;OAEG;IACH,OAAO,CAAC,GAAG;IAOX;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAI1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,YAAY;IAgFpB;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;CA2C3B"}

package/dist/src/engine/LintEngine.js

@@ -54,6 +54,12 @@ class LintEngine {
     rules;
     config;
     verbose;
+    /**
+     * Cache of parsed XML documents keyed by absolute file path.
+     * Populated during preScanFiles() and reused in processFile()
+     * to avoid parsing every XML file twice.
+     */
+    documentCache = new Map();
     constructor(options) {
         this.rules = options.rules;
         this.config = { ...Config_1.DEFAULT_CONFIG, ...options.config };
@@ -88,6 +94,10 @@ class LintEngine {
             exclude: this.config.exclude,
         });
         this.log(`Found ${files.length} files to scan`);
+        // Pre-scan: collect cross-file context before rule execution
+        const { allFlowRefs, allFlowNames, projectContext } = isStandalone
+            ? { allFlowRefs: undefined, allFlowNames: undefined, projectContext: undefined }
+            : this.preScanFiles(files);
         // Process each file and collect metrics
         const fileResults = [];
         const metricsAggregator = {
@@ -108,7 +118,7 @@ class LintEngine {
             flowComplexityData: [],
         };
         for (const file of files) {
-            const result = this.processFile(file, projectRoot, isStandalone, metricsAggregator);
+            const result = this.processFile(file, projectRoot, isStandalone, metricsAggregator, allFlowRefs, allFlowNames, projectContext);
             fileResults.push(result);
         }
         // Run Project Rules (only once per scan, if not standalone)
@@ -148,6 +158,8 @@ class LintEngine {
         const summary = this.buildSummary(fileResults);
         this.log(`Scan complete in ${durationMs}ms`);
         this.log(`Found ${summary.bySeverity.error} errors, ${summary.bySeverity.warning} warnings`);
+        // Release cached documents to free memory
+        this.documentCache.clear();
         // Build initial report with base metrics
         const baseReport = {
             projectRoot,
@@ -210,24 +222,34 @@ class LintEngine {
     /**
      * Process a single file
      */
-    processFile(file, projectRoot, isStandalone = false, metricsAggregator) {
+    processFile(file, projectRoot, isStandalone = false, metricsAggregator, allFlowRefs, allFlowNames, projectContext) {
         this.log(`  Processing: ${file.relativePath}`);
         try {
-            const content = (0, FileScanner_1.readFileContent)(file.absolutePath);
-            const parseResult = (0, XmlParser_1.parseXml)(content, file.relativePath);
-            if (!parseResult.success || !parseResult.document) {
-                return {
-                    filePath: file.absolutePath,
-                    relativePath: file.relativePath,
-                    issues: [],
-                    parsed: false,
-                    parseError: parseResult.error,
-                };
+            // Try to use the cached document from preScanFiles() first
+            const cachedDoc = this.documentCache.get(file.absolutePath);
+            let doc;
+            if (cachedDoc) {
+                doc = cachedDoc;
+            }
+            else {
+                // Cache miss (standalone mode or non-XML processed first time)
+                const content = (0, FileScanner_1.readFileContent)(file.absolutePath);
+                const parseResult = (0, XmlParser_1.parseXml)(content, file.relativePath);
+                if (!parseResult.success || !parseResult.document) {
+                    return {
+                        filePath: file.absolutePath,
+                        relativePath: file.relativePath,
+                        issues: [],
+                        parsed: false,
+                        parseError: parseResult.error,
+                    };
+                }
+                doc = parseResult.document;
             }
-            const issues = this.runRules(parseResult.document, file.absolutePath, projectRoot, isStandalone);
+            const issues = this.runRules(doc, file.absolutePath, projectRoot, isStandalone, allFlowRefs, allFlowNames, projectContext);
             // Collect metrics from parsed document
             if (metricsAggregator) {
-                this.collectFileMetrics(parseResult.document, file.relativePath, metricsAggregator);
+                this.collectFileMetrics(doc, file.relativePath, metricsAggregator);
             }
             return {
                 filePath: file.absolutePath,
@@ -250,7 +272,7 @@ class LintEngine {
     /**
      * Run all enabled rules against a document
      */
-    runRules(doc, filePath, projectRoot, isStandalone = false) {
+    runRules(doc, filePath, projectRoot, isStandalone = false, allFlowRefs, allFlowNames, projectContext) {
         const issues = [];
         const enabledRules = this.getEnabledRules();
         for (const rule of enabledRules) {
@@ -258,12 +280,19 @@ class LintEngine {
             if (isStandalone && rule.category === 'structure') {
                 continue;
             }
+            // Skip ProjectRule instances — they are handled separately in runProjectRules()
+            if (rule instanceof ProjectRule_1.ProjectRule) {
+                continue;
+            }
             try {
                 const context = {
                     filePath,
                     relativePath: path.relative(projectRoot, filePath),
                     projectRoot,
                     config: this.getRuleConfig(rule.id),
+                    allFlowRefs,
+                    allFlowNames,
+                    projectContext,
                 };
                 const ruleIssues = rule.validate(doc, context);
                 // Apply severity override from config
@@ -371,6 +400,128 @@ class LintEngine {
     collectFileMetrics(doc, relativePath, metrics) {
         (0, MetricsCollector_1.collectFileMetrics)(doc, relativePath, metrics);
     }
+    /**
+     * Pre-scan all XML files to build cross-file context:
+     *   - allFlowRefs: union of all <flow-ref name="..."> targets across files
+     *   - allFlowNames: union of all <flow>/<sub-flow> name attributes across files
+     *   - projectContext: whether the project has HTTP listeners / APIkit routers
+     *
+     * Parsed documents are cached in this.documentCache so that processFile()
+     * can reuse them instead of re-parsing.
+     *
+     * This runs before the main per-file rule execution so that rules can use
+     * the aggregated information (e.g. HYG-003 cross-file unused flow detection,
+     * HYG-004 cross-file flow-ref target validation,
+     * MULE-005 HTTP-only project detection).
+     */
+    preScanFiles(files) {
+        const allFlowRefs = new Set();
+        const allFlowNames = new Set();
+        const projectContext = {
+            hasHttpListener: false,
+            hasApikitRouter: false,
+        };
+        // Clear the cache at the start of each scan
+        this.documentCache.clear();
+        for (const file of files) {
+            // Only process XML files
+            if (!file.absolutePath.endsWith('.xml')) {
+                continue;
+            }
+            try {
+                const content = (0, FileScanner_1.readFileContent)(file.absolutePath);
+                const parseResult = (0, XmlParser_1.parseXml)(content, file.relativePath);
+                if (!parseResult.success || !parseResult.document) {
+                    continue;
+                }
+                const doc = parseResult.document;
+                // Cache the parsed document for reuse in processFile()
+                this.documentCache.set(file.absolutePath, doc);
+                // Collect flow-ref targets
+                const allElements = doc.getElementsByTagName('*');
+                for (let i = 0; i < allElements.length; i++) {
+                    const el = allElements[i];
+                    const localName = el.localName ?? el.nodeName.split(':').pop() ?? '';
+                    if (localName === 'flow-ref') {
+                        const name = el.getAttribute('name');
+                        if (name) {
+                            allFlowRefs.add(name);
+                        }
+                    }
+                    // Collect flow/sub-flow definitions
+                    if (localName === 'flow' || localName === 'sub-flow') {
+                        const name = el.getAttribute('name');
+                        if (name) {
+                            allFlowNames.add(name);
+                        }
+                    }
+                    // Detect HTTP listener
+                    if (localName === 'listener') {
+                        projectContext.hasHttpListener = true;
+                    }
+                    // Detect APIkit router or console
+                    if (localName === 'router' || localName === 'console') {
+                        // Check namespace to be sure it's apikit
+                        const nodeName = el.nodeName;
+                        if (nodeName.includes('apikit:')) {
+                            projectContext.hasApikitRouter = true;
+                        }
+                    }
+                }
+            }
+            catch {
+                // Ignore unreadable files during pre-scan
+            }
+        }
+        // Detect project layer from directory name, flow names, and content
+        projectContext.projectLayer = this.detectProjectLayer(files, allFlowNames, projectContext);
+        return { allFlowRefs, allFlowNames, projectContext };
+    }
+    /**
+     * Detect the API-led connectivity layer of the project.
+     *
+     * Heuristics (in priority order):
+     * 1. Directory/project name contains `-sapi`, `-papi`, `-eapi`
+     * 2. Flow names contain `sapi`, `papi`, `eapi` patterns
+     * 3. No HTTP listener + batch jobs → batch
+     * 4. No flows at all → library
+     * 5. Otherwise → unknown
+     */
+    detectProjectLayer(files, allFlowNames, projectContext) {
+        // Check project directory name
+        const projectDir = files.length > 0
+            ? path.basename(path.resolve(files[0].absolutePath, '..', '..', '..', '..'))
+            : '';
+        const dirLower = projectDir.toLowerCase();
+        if (dirLower.includes('-sapi') || dirLower.includes('_sapi') || dirLower.endsWith('sapi')) {
+            return 'sapi';
+        }
+        if (dirLower.includes('-papi') || dirLower.includes('_papi') || dirLower.endsWith('papi')) {
+            return 'papi';
+        }
+        if (dirLower.includes('-eapi') || dirLower.includes('_eapi') || dirLower.endsWith('eapi')) {
+            return 'eapi';
+        }
+        // Check flow names for layer hints
+        const flowNamesArray = [...allFlowNames].map((n) => n.toLowerCase());
+        const hasSapiFlow = flowNamesArray.some((n) => n.includes('sapi') || n.includes('system-api'));
+        const hasPapiFlow = flowNamesArray.some((n) => n.includes('papi') || n.includes('process-api'));
+        const hasEapiFlow = flowNamesArray.some((n) => n.includes('eapi') || n.includes('experience-api'));
+        if (hasSapiFlow && !hasPapiFlow && !hasEapiFlow)
+            return 'sapi';
+        if (hasPapiFlow && !hasSapiFlow && !hasEapiFlow)
+            return 'papi';
+        if (hasEapiFlow && !hasSapiFlow && !hasPapiFlow)
+            return 'eapi';
+        // No flows → library
+        if (allFlowNames.size === 0)
+            return 'library';
+        // Has batch jobs but no HTTP listener → batch
+        const hasBatch = flowNamesArray.some((n) => n.includes('batch'));
+        if (hasBatch && !projectContext.hasHttpListener)
+            return 'batch';
+        return 'unknown';
+    }
 }
 exports.LintEngine = LintEngine;
 //# sourceMappingURL=LintEngine.js.map